CVE-2023-23342 MEDIUM

CVE-2023-23342: HCL Nomad for web is affected by cryptographic validation of local data access that can be circumvented

Vendor Hcl Software
Product HCL Nomad for web
Published August 10, 2023
Last update October 9, 2024

CVSS base score

6.6/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented. 

Key dates

02Disclosure timeline

August 10, 2023 CVE published
October 9, 2024 Record updated